NovumOS local privilege escalation (CVE-2026-40572)
Local unprivileged users can exploit NovumOS below 0.24 to escalate to kernel mode by mapping protected memory. Update to 0.24 immediately.
Patch now: CVE-2026-40572 is a critical privilege-escalation flaw in NovumOS below 0.24 that grants a standard local user full kernel-level system control via a memory-mapping syscall.
Overview
A critical security vulnerability, identified as CVE-2026-40572, has been patched in the NovumOS operating system. This flaw allows a standard user on a local system to gain complete control over the operating system kernel, bypassing all security restrictions.
Vulnerability Details
NovumOS is a custom 32-bit operating system written in Zig and x86 Assembly. In versions prior to 0.24, a specific system call (Syscall 15, MemoryMapRange) contained insufficient validation. This syscall is responsible for allowing user-mode applications to map memory ranges into their own virtual address space.
The vulnerability exists because the syscall does not check if the requested memory range overlaps with protected kernel regions. These forbidden regions include critical low-level kernel data structures such as the Interrupt Descriptor Table (IDT), Global Descriptor Table (GDT), Task State Segment (TSS), and the kernel’s own page tables.
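The missing validation described above, shown as an added illustration that is not NovumOS code: a range check of the kind a MemoryMapRange-style syscall needs before honouring a request. Everything here is constructed for the example, including the region addresses (NovumOS's real memory layout is not given on this page), the `kProtected` table and the function names; the 4 KiB page granularity is the x86 32-bit paging default. Two details beyond a plain overlap test are worth noting: the requested range is rounded out to page boundaries first, because paging maps whole pages and a request that merely sits in the same page as the IDT would still expose it, and the end address is computed in 64 bits so a `base + len` wraparound cannot slip past the comparison.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* x86 32-bit paging maps 4 KiB pages; a mapping cannot be finer than this. */
#define PAGE_SIZE 4096ull
#define PAGE_MASK (~(PAGE_SIZE - 1))

/* Half-open interval [start, end) that user mappings must never touch. */
typedef struct {
    uint32_t start;     /* inclusive */
    uint32_t end;       /* exclusive */
    const char *name;
} protected_region_t;

/* Constructed placeholder layout for the example; not NovumOS's real addresses. */
static const protected_region_t kProtected[] = {
    { 0x00100000u, 0x00100800u, "IDT" },
    { 0x00101000u, 0x00101100u, "GDT" },
    { 0x00102000u, 0x00102068u, "TSS" },
    { 0x00200000u, 0x00204000u, "kernel page tables" },
};

/*
 * Validate a user request to map [base, base + len).
 * Returns NULL when the range is acceptable, otherwise a short reason
 * (the name of the protected region hit, or why the request is malformed).
 */
const char *mmap_range_check(uint32_t base, uint32_t len)
{
    if (len == 0)
        return "empty range";

    /* Compute the exclusive end in 64 bits so base + len cannot wrap. */
    uint64_t start = base;
    uint64_t end = (uint64_t)base + (uint64_t)len;
    if (end > 0x100000000ull)
        return "range wraps past the end of the 32-bit address space";

    /* Round out to page boundaries: the hardware maps whole pages, so the
     * effective range is larger than what the caller asked for. */
    uint64_t pstart = start & PAGE_MASK;
    uint64_t pend = (end + PAGE_SIZE - 1) & PAGE_MASK;

    for (size_t i = 0; i < sizeof kProtected / sizeof kProtected[0]; i++) {
        /* Standard half-open overlap test. */
        if (pstart < kProtected[i].end && kProtected[i].start < pend)
            return kProtected[i].name;
    }
    return NULL;
}

bool mmap_range_allowed(uint32_t base, uint32_t len)
{
    return mmap_range_check(base, len) == NULL;
}

/* Sketch of how the syscall entry would use the check (hypothetical name). */
int sys_memory_map_range(uint32_t base, uint32_t len)
{
    const char *why = mmap_range_check(base, len);
    if (why != NULL) {
        /* A rejected request here is a useful audit signal for defenders. */
        printf("MemoryMapRange rejected: base=0x%08x len=0x%08x (%s)\n", base, len, why);
        return -1;
    }
    /* ... install the page-table entries for the user mapping ... */
    return 0;
}

int main(void)
{
    sys_memory_map_range(0x08000000u, 0x1000u);   /* ordinary user range: accepted */
    sys_memory_map_range(0x00100000u, 0x10u);     /* overlaps the IDT: rejected */
    sys_memory_map_range(0x00100800u, 0x10u);     /* same page as the IDT: rejected */
    sys_memory_map_range(0xFFFFF000u, 0x2000u);   /* wraps around: rejected */
    return 0;
}
```

The check is deliberately the last thing that runs before page-table entries are written; putting it behind a region table rather than a hand-written chain of comparisons makes it easy to audit that every structure named in the advisory (IDT, GDT, TSS, page tables) is actually covered.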
Impact
The impact of this vulnerability is severe. A local attacker with a standard, non-privileged user account can exploit this flaw to map these critical kernel structures into their own process memory. Once mapped, the attacker can directly modify the contents of these structures. For example, by overwriting an entry in the IDT, which controls interrupt and exception handlers, an attacker can redirect kernel execution to their own malicious code. This results in a full privilege escalation from user mode (Ring 3) to kernel mode (Ring 0), granting the attacker the highest level of system control. They can then install persistent malware, disable security controls, or access any data on the system.
This vulnerability has a CVSS v3.1 base score of 9.0 (Critical), with an attack vector of Local, low attack complexity, and no privileges required.
Remediation and Mitigation
The only complete remediation is to update NovumOS to version 0.24, where this vulnerability has been fixed. System administrators and developers using NovumOS must upgrade immediately.
Action Required:
- Identify all systems running NovumOS.
- Check the current OS version. Any version below 0.24 is vulnerable.
- Update the operating system to version 0.24 or later from the official NovumOS distribution channels.
As this is a fundamental flaw in a core system call, there are no effective workarounds or mitigations short of applying the patch. Restricting user access does not mitigate the risk, as any valid local user account can be used to trigger the exploit.
Security Insight
This vulnerability highlights the critical importance of rigorous boundary checking in kernel-space interfaces, especially in newer or niche operating systems. The flaw is reminiscent of classic Windows \Device\PhysicalMemory or Linux /dev/mem vulnerabilities, where user access to low-level memory leads to instant privilege escalation. It serves as a case study for developers of low-level systems, emphasizing that a single missing validation check in a syscall can completely collapse the security model of an entire OS. For more on the consequences of kernel-level breaches, see our breach reports.